1 files changed, 57 insertions, 15 deletions
diff --git a/doc/api/member_roles.md b/doc/api/member_roles.md
index 3ef6e287418..9d3e51efabd 100644
--- a/doc/api/member_roles.md
+++ b/doc/api/member_roles.md
@@ -4,10 +4,14 @@ group: Authentication and Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Member roles API **(ULTIMATE)**
+# Member roles API **(ULTIMATE ALL)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96996) in GitLab 15.4. [Deployed behind the `customizable_roles` flag](../administration/feature_flags.md), disabled by default.
 > - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110810) in GitLab 15.9.
+> - [Read vulnerability added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114734) in GitLab 16.0.
+> - [Admin vulnerability added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121534) in GitLab 16.1.
+> - [Read dependency added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/126247) in GitLab 16.3.
+> - [Name and description fields added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/126423) in GitLab 16.3.
 
 ## List all member roles of a group
 
@@ -23,12 +27,17 @@ GET /groups/:id/member_roles
 
 If successful, returns [`200`](rest/index.md#status-codes) and the following response attributes:
 
-| Attribute                | Type     | Description           |
-|:-------------------------|:---------|:----------------------|
+| Attribute                | Type    | Description           |
+|:-------------------------|:--------|:----------------------|
 | `[].id`                  | integer | The ID of the member role. |
+| `[].name`                | string  | The name of the member role. |
+| `[].description`         | string  | The description of the member role. |
 | `[].group_id`            | integer | The ID of the group that the member role belongs to. |
-| `[].base_access_level`   | integer | Base access level for member role. |
-| `[].read_code`           | boolean | Permission to read code. |
+| `[].base_access_level`   | integer | Base access level for member role. Valid values are 10 (Guest), 20 (Reporter), 30 (Developer), 40 (Maintainer), or 50 (Owner).|
+| `[].admin_vulnerability` | boolean | Permission to admin project vulnerabilities. |
+| `[].read_code`           | boolean | Permission to read project code. |
+| `[].read_dependency`     | boolean | Permission to read project dependencies. |
+| `[].read_vulnerability`  | boolean | Permission to read project vulnerabilities. |
 
 Example request:
 
@@ -42,21 +51,33 @@ Example response:
 [
   {
     "id": 2,
+    "name": "Custom + code",
+    "description: "Custom guest that can read code",
     "group_id": 84,
     "base_access_level": 10,
-    "read_code": true
+    "admin_vulnerability": false,
+    "read_code": true,
+    "read_dependency": false,
+    "read_vulnerability": false
   },
   {
     "id": 3,
+    "name": "Guest + security",
+    "description: "Custom guest that read and admin security entities",
     "group_id": 84,
     "base_access_level": 10,
-    "read_code": false
+    "admin_vulnerability": true,
+    "read_code": false,
+    "read_dependency": true,
+    "read_vulnerability": true
   }
 ]
 ```
 
 ## Add a member role to a group
 
+> Ability to add a name and description when creating a custom role [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/126423) in GitLab 16.3.
+
 Adds a member role to a group.
 
 ```plaintext
@@ -65,25 +86,35 @@ POST /groups/:id/member_roles
 
 To add a member role to a group, the group must be at root-level (have no parent group).
 
-| Attribute | Type | Required | Description |
-| --------- | ---- | -------- | ----------- |
-| `id`      | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) owned by the authenticated user. |
-| `base_access_level` | integer | yes   | Base access level for configured role. |
-| `read_code` | boolean | no | Permission to read code.  |
+| Attribute | Type                | Required | Description |
+| --------- | ------------------- | -------- | ----------- |
+| `id`      | integer/string      | yes      | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) owned by the authenticated user. |
+| `name`         | string         | yes      | The name of the member role. |
+| `description`  | string         | no       | The description of the member role. |
+| `base_access_level` | integer   | yes      | Base access level for configured role. Valid values are 10 (Guest), 20 (Reporter), 30 (Developer), 40 (Maintainer), or 50 (Owner).|
+| `admin_vulnerability` | boolean | no       | Permission to admin project vulnerabilities. |
+| `read_code`           | boolean | no       | Permission to read project code. |
+| `read_dependency`     | boolean | no       | Permission to read project dependencies. |
+| `read_vulnerability`  | boolean | no       | Permission to read project vulnerabilities. |
 
 If successful, returns [`201`](rest/index.md#status-codes) and the following attributes:
 
 | Attribute                | Type     | Description           |
 |:-------------------------|:---------|:----------------------|
 | `id`                     | integer | The ID of the member role. |
+| `name`                   | string  | The name of the member role. |
+| `description`            | string  | The description of the member role. |
 | `group_id`               | integer | The ID of the group that the member role belongs to. |
 | `base_access_level`      | integer | Base access level for member role. |
-| `read_code`              | boolean | Permission to read code. |
+| `admin_vulnerability`    | boolean | Permission to admin project vulnerabilities. |
+| `read_code`              | boolean | Permission to read project code. |
+| `read_dependency`        | boolean | Permission to read project dependencies. |
+| `read_vulnerability`     | boolean | Permission to read project vulnerabilities. |
 
 Example request:
 
 ```shell
- curl --request POST --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"base_access_level" : 10, "read_code" : true}' "https://example.gitlab.com/api/v4/groups/:id/member_roles"
+ curl --request POST --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"name" : "Custom guest", "base_access_level" : 10, "read_code" : true}' "https://example.gitlab.com/api/v4/groups/:id/member_roles"
 ```
 
 Example response:
@@ -91,12 +122,23 @@ Example response:
 ```json
 {
   "id": 3,
+  "name": "Custom guest",
+  "description": null,
   "group_id": 84,
   "base_access_level": 10,
-  "read_code": true
+  "admin_vulnerability": false,
+  "read_code": true,
+  "read_dependency": false,
+  "read_vulnerability": false
 }
 ```
 
+In GitLab 16.3 and later, you can use the API to:
+
+- Add a name (required) and description (optional) when you
+  [create a new custom role](../user/permissions.md#create-a-custom-role).
+- Update an existing custom role's name and description.
+
 ### Remove member role of a group
 
 Deletes a member role of a group.